Sr. Cyber Defense Lead Job at Insight Global, Fort Belvoir, VA

  • Insight Global
  • Fort Belvoir, VA

Job Description

Position Title: Sr Cyber Defense Lead

Clearance: Secret (can hold up to TS)

Position Location: Ft Belvoir, VA

Onsite Expectation: 5 days per week

Interview Process: Resume review, initial interview with technical manager, final interview with hiring manager.

Onboarding: 2-4 weeks

Contract: 6-hire

Pay: $70-$80/hr

Insight Global is seeking a Sr. Cyber Defense Lead. This effort is focused on the consolidation of PEO Enterprise's multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Operations Centers (SOC), Security Information and Event Management (SIEM) deployment and tuning, as well as Security Orchestration, Automation and Response (SOAR) development and implementation.

Job Responsibilities:

  • Establish an Enterprise Cyber Defense Policy to standardize cyber defense practices for PEO Enterprise programs
  • Implement and lead a centralized cyber defense team
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for the inclusion into the risk mitigation strategy
  • Provide daily summary reports of network events and activity relevant to cyber defense practices
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
  • Identify applications and operating systems of a network device based on network traffic
  • Skill in detecting host and network-based intrusions via intrusion detection technologies
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat conditions and determine which security issues may have an impact on the enterprise
  • Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities
  • Provide cybersecurity related strategic leadership support
  • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan
  • Examine network topologies to understand data flows through the network

Must Haves:

  • Secret clearance
  • DoD 8140 / 8570 IAT Level II certification
  • 5+ years of hands-on experience leading a cybersecurity team in SOC, SIEM, or SOAR
  • Knowledge of the following:
      • Cloud computing service models: Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)
      • Cloud computing deployment models in private, public, and hybrid environments, both on-prem and off-prem
      • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
      • Host/network access control mechanisms (e.g., access control list)
      • Known vulnerabilities from alerts, advisories, errata, and bulletins, penetration testing principles, tools, and techniques, and defense-in-depth principles and network security architecture
      • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
      • Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools

Preferred Skills:

  • Understanding of the MITRE ATT&CK framework
  • Knowledge of authentication, authorization, and access control methods
  • Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities)
  • Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES])
  • Experience with Army policies, regulations, and processes preferred

Job Tags

Contract work
